
Security vulnerability in Tomcat

 
William Brogden
Author and all-around good cowpoke
Rancher
Reported in this Secunia advisory.

A vulnerability has been reported in Apache Tomcat, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "Accept-Language" header is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site, e.g. via a specially crafted Flash file.

The vulnerability affects the following versions:
* Tomcat 4.0.0 to 4.0.6
* Tomcat 4.1.0 to 4.1.34
* Tomcat 5.0.0 to 5.0.30
* Tomcat 5.5.0 to 5.5.20
* Tomcat 6.0.0 to 6.0.5


Just thought you might find this interesting.

Bill
 